CVE-2024-20974

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Feb 17, 2024
Updated: Mar 1, 2024

Summary

CVE-2024-20974 is a newly identified vulnerability in the Optimizer component of Oracle MySQL Server, affecting versions 8.0.35 and prior as well as 8.2.0 and prior. It is characterized as easily exploitable: a high-privileged attacker with network access via multiple protocols can cause a denial-of-service (DoS) condition. Successful attacks can lead to a MySQL Server hang or frequent crashes. The Common Vulnerability Scoring System (CVSS) base score for this vulnerability is 4.9, reflecting the significant impact on availability. Exploitation requires no user interaction (UI:N) but does require high privileges (PR:H).

Affected Products

  • MySQL
  • Oracle MySQL Server

Affected Vendors

  • BonqDAO